From mboxrd@z Thu Jan 1 00:00:00 1970
From: Matthew Garrett
Subject: Re: Trusted kernel patchset for Secure Boot lockdown
Date: Thu, 20 Mar 2014 17:12:05 +0000
Message-ID: <1395335525.16016.3.camel@x230>
References: <1394762250.6416.24.camel@x230.lan>
 <20140314122231.17b9ca8a@alan.etchedpixels.co.uk>
 <1394801518.6416.38.camel@x230.lan>
 <20140314170655.0ce398a3@alan.etchedpixels.co.uk>
 <1394820664.26846.18.camel@x230.mview.int.nebula.com>
 <20140314214806.54a3d031@alan.etchedpixels.co.uk>
 <1394834193.1286.11.camel@x230>
 <20140314220840.29a12171@alan.etchedpixels.co.uk>
 <20140314231832.GA653@thunk.org>
 <20140320145507.GB20618@thunk.org>
In-Reply-To: <20140320145507.GB20618@thunk.org>
To: "tytso@mit.edu"
Cc: "linux-kernel@vger.kernel.org",
 "jmorris@namei.org",
 "keescook@chromium.org",
 "linux-security-module@vger.kernel.org",
 "akpm@linux-foundation.org",
 "hpa@zytor.com",
 "jwboyer@fedoraproject.org",
 "gnomes@lxorguk.ukuu.org.uk",
 "linux-efi@vger.kernel.org",
 "gregkh@linuxfoundation.org"
List-Id: linux-efi@vger.kernel.org

On Thu, 2014-03-20 at 10:55 -0400, tytso@mit.edu wrote:

> I disagree; it's highly likely, if not certain that Windows booting
> under UEFI secure boot is going to be able to do some of the things
> that people are proposing that we have to prohibit in the name of
> security. That's because presumably Windows won't be willing to make
> certain usability tradeoffs, and since they control the signing certs,
> even in the unlikely case that people can leverage these "holes" to
> enable a boot sector virus, it seems unlikely that Windows will revoke
> its own cert.

I don't think any of the functionality we're disabling (with the
arguable exception of kexec, which, again, there is a plan to handle) is
useful on modern systems. And, seriously, if this forces vendors to
write actual kernel drivers rather than run an io port banging IPMI
driver in userspace, that's a *good* thing.

Whether Microsoft would actually follow through on blacklisting their
own signatures is obviously an unknown - they've told us they would, but
commercial concerns etc who knows. They *will* blacklist our signatures.

-- 
Matthew Garrett